Commit Graph

58011 Commits

Author SHA1 Message Date
Santiago Aboy Solanes
d109cdb1fa [ptr-compr][turbofan] Mark as (Compressed|Tagged)(Pointer|Signed) when possible
In instruction selector we were tagging as Compressed or Tagged Any when
we could have been more specific. Also, we were marking as Word32 or Word64
when we should have been using CompressedSigned or TaggedSigned, respectively.

Drive-by cleanup: Rename MarkAsReference to MarkAsTagged.

Bug: v8:7703
Change-Id: I4df7a17e25cfa51a1e11eac0af40be21efb50990
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1739367
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63119}
2019-08-07 17:00:38 +00:00
Eric Seckler
66741e4e3d microtask queue: Fix trace event ordering.
The previous ordering caused a SCOPED event to end after its parent
event, which isn't really supported in the trace format.

Change-Id: I2ddaa12596604499366854231506c889d910f951
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741926
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Eric Seckler <eseckler@chromium.org>
Auto-Submit: Eric Seckler <eseckler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63118}
2019-08-07 14:50:18 +00:00
Michael Achenbach
bc7c26040c Whitespace change to trigger bots
TBR=santa

Change-Id: I05cdd74eea6f2b02158d6d9854f35a08b455edd4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741656
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63117}
2019-08-07 13:42:06 +00:00
Ross McIlroy
d7d971924a [Compile] Replace resetting of feedback vector with CHECK_EQ.
Previous differences in eager and lazy parsing meant that it was possible
that feedback vectors could be different for the same function depending on
how it was compiled. These issues have now been fixed, so remove the workaround
and add an explicit CHECK that the feedback vectors are the same.

BUG=chromium:984344,v8:9511

Change-Id: I0edfa350b1a2f236db1ee2f86bc46690da926af1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741650
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63116}
2019-08-07 12:16:28 +00:00
Tobias Tebbi
4418a7b96a Revert "[torque] introduce JSAny type for user-accessible JavaScript values"
This reverts commit 79b00555ea.

Reason for revert: needs more discussion

Original change's description:
> [torque] introduce JSAny type for user-accessible JavaScript values
> 
> This CL introduces a JSAny type for user-exposed JavaScript values and
> a few new types to define it. Especially, it splits Symbol into
> PrivateSymbol (not exposed) and PublicSymbol (JavaScript exposed
> symbols).
> 
> The change is mostly mechanical, but a few things are interesting:
> - PropertyKey and JSPrimitive were designed to coincide with the spec
>   notions of IsPropertyKey() and primitive value, respectively.
> - Since Name is an open type, we define AnyName to be the known
>   subtypes of Name. This is not too elegant, but by using AnyName
>   instead of Name, typeswitch can properly conclude something if a
>   subtype of Name is excluded.
> 
> Small drive-by changes, which were necessary:
> - Allow subtyping on label parameters.
> - Fix the formatting of typeswitch, it was broken with union types
>   in case types.
> 
> Bug: v8:7793
> Change-Id: I14b10507f8cf316ad85e048fe8d53d1df5e0bb13
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735322
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63114}

TBR=neis@chromium.org,jgruber@chromium.org,tebbi@chromium.org

Change-Id: Ifde7881d74afe407628f40047997339d54cb2424
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7793
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741652
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63115}
2019-08-07 11:49:20 +00:00
Tobias Tebbi
79b00555ea [torque] introduce JSAny type for user-accessible JavaScript values
This CL introduces a JSAny type for user-exposed JavaScript values and
a few new types to define it. Especially, it splits Symbol into
PrivateSymbol (not exposed) and PublicSymbol (JavaScript exposed
symbols).

The change is mostly mechanical, but a few things are interesting:
- PropertyKey and JSPrimitive were designed to coincide with the spec
  notions of IsPropertyKey() and primitive value, respectively.
- Since Name is an open type, we define AnyName to be the known
  subtypes of Name. This is not too elegant, but by using AnyName
  instead of Name, typeswitch can properly conclude something if a
  subtype of Name is excluded.

Small drive-by changes, which were necessary:
- Allow subtyping on label parameters.
- Fix the formatting of typeswitch, it was broken with union types
  in case types.

Bug: v8:7793
Change-Id: I14b10507f8cf316ad85e048fe8d53d1df5e0bb13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735322
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63114}
2019-08-07 11:44:18 +00:00
Joyee Cheung
919ee633a7 [class] fix super access in private methods
This patch stores the home objects in private methods that
access super properties.

Bug: v8:8330
Change-Id: I2507fda0bd70183f02d162ec50a5be76c248f0ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1724900
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/master@{#63113}
2019-08-07 10:56:43 +00:00
Joyee Cheung
8eadbe5cb0 [class] hide private name symbols from the block scope in DevTools
Currently, the private name symbols are displayed in the block
scopes in DevTools, though these are just implementation details
of private fields. This patch hides them from the block scope
by marking variables with names starting with `#` as synthetic.

The private fields are still going to show up in the previews
of objects, only the key symbols themselves are going to be hidden.

Bug: v8:8773, chromium:982267
Change-Id: I059472d05c26a1f035ab92718a1b7e5ecafa8dc4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741846
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/master@{#63112}
2019-08-07 10:55:38 +00:00
Simon Zünd
d15824422a Client errors without a stack property should try to include the message
This CL changes {descriptionForError} to not immediately return when a {stack}
is not found, but instead try to lookup and append the {message} as well.

The existing logic to build a description in a specific way when the class
of the exception does not match, is retained for backwards compatibility.

Bug: chromium:954017
Change-Id: I9fa1d2807e2877bd988f82b4b57cf329bcd9f61b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1738862
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63111}
2019-08-07 10:49:58 +00:00
Thibaud Michaud
179ed98857 [wasm] Support multi-return WASM function calls from JS
Calling a multi-return WASM function from JS creates an array filled
with the returned values.

See: https://github.com/WebAssembly/multi-value

R=ahaas@chromium.org

Bug: v8:9492
Change-Id: I3151212b6784782c8f89908befab9d26b32e5a8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1739372
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63110}
2019-08-07 10:15:39 +00:00
Mythri A
42fd0bfd39 Uniformly track transitions from non-smi elements kind in allocation site
We didn't track transitions from non-smi elements kind in builtins but we
did track them in the runtime. We should track these transitions in
builtins as well. Not tracking them uniformly causes deopts in unexpected
places which are hard to reason about.


Bug: chromium:987522
Change-Id: I09403c7365d4d2474bca3ab601887abec19aef27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1736748
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63109}
2019-08-07 09:47:42 +00:00
Jakob Kummerow
01d77d0356 [wasm-c-api] Roll 96d346c: Add ref equality
Also roll 0705a10: Comments

Change-Id: I9802283fa68093839286779503b6073122cbc8d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1739369
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63108}
2019-08-07 09:18:33 +00:00
Michael Achenbach
b8ecf9faa0 Whitespace change to trigger builders
Change-Id: I035d276004b21f167ede2ecd9bc59759f135bbd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741647
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63107}
2019-08-07 07:40:44 +00:00
v8-ci-autoroll-builder
c958bd1ee4 Update V8 DEPS.
Rolling v8/build: 38ae7d2..8400a89

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/698405a..1b12368

Rolling v8/third_party/depot_tools: 36756e4..aa2db56

Rolling v8/tools/clang: cd2137f..3605577

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I08bb4364173d6a8765d07a7b6e9665f188306c9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1740967
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#63106}
2019-08-07 03:36:36 +00:00
Deepti Gandluri
98b71a21d3 [wasm] Throw verbose errors for experimental local types
Change-Id: I0607978da6c346c5f8807b0c9a33e0245cd503e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1738470
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63105}
2019-08-06 22:34:27 +00:00
Maggie Chen
71877cf79c Increase old generation size from 2 GB to 4 GB for the 16 GB physical memory configuration
The current V8HugeMaxOldGenerationSize feature increases the JS heap size for
systems with larger than 16 GB physical memory. This cl adds support for 16 GB
configuration.

Because a small portion of memory is reserved by hardware, the physical memory
calculation here is rounded up to GB so the actual installed memory is checked.

Bug:chromium:958974

Change-Id: Idaf2e03a43ba6c3c40bb771296d06b87032c2725
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1734038
Commit-Queue: Maggie Chen <magchen@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63104}
2019-08-06 15:25:25 +00:00
Jakob Gruber
7815e260ef [array] Add HandleScope in Array.p.includes slow path
The HandleScope lets objects allocated within the slow loop be collected
prior to loop termination.

Drive-by: Use the appropriate kMaxElementCount constant.
Drive-by: Switch to less-or-equal comparison against it.

Bug: chromium:948810
Change-Id: I2449408b87e7e82dead5ee76d8c92129fa3243fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1736749
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63103}
2019-08-06 15:17:05 +00:00
Sami Kyostila
7d7abeaa5f [tracing] Replace semaphores with {Start,Stop}Blocking
Use Perfetto's Start/StopBlocking() helpers instead of bespoke
synchronization with semaphores.

Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
Bug: v8:8339
Change-Id: If8266d5fa5e3ff6403b9b2e539ec985bc67fcc90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1728623
Commit-Queue: Sami Kyöstilä <skyostil@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Auto-Submit: Sami Kyöstilä <skyostil@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63102}
2019-08-06 15:11:15 +00:00
Peter Marshall
6a143fd030 [cleanup] Rename uses of 'neuter' to 'detach'
Ongoing cleanup to use the same term everywhere.

Bug: chromium:913887
Change-Id: Ifc4d4de0c2dfd9f1150e61d64cf7f91cf923aa24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1738865
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63101}
2019-08-06 14:24:05 +00:00
Michael Achenbach
708995b67c Revert "[wasm] Test concurrent code emission"
This reverts commit 1152445367.

Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/27728

Original change's description:
> [wasm] Test concurrent code emission
> 
> This extends the jump table stress test. Currently, we generate
> different thunks (on the main thread) and then concurrently update the
> jump table to jump to one of these thunks.
> With this CL, we also generate the thunks concurrently. So this also
> tests whether there is proper synchronization between code generation
> and executing it in another thread.
> 
> R=​ahaas@chromium.org, mstarzinger@chromium.org
> 
> Bug: v8:9477
> Change-Id: I3598329e37482ebd27a13acc752581c714226184
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735319
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63097}

TBR=mstarzinger@chromium.org,ahaas@chromium.org,clemensh@chromium.org

Change-Id: I1c95cb43aa23340913de9cfad9988d0c583cc266
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9477
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1739368
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63100}
2019-08-06 13:35:07 +00:00
Joshua Litt
211340de17 [atomics] Make IsLockFree handle 8 bytes
This cl makes IsLockFree return true for 8 bytes on x64 platforms.
The standard is unfortunately a bit vague on what exactly 'lock free' means.
As a result, we err on the side of caution. We can revisit this, but first
we need the specification to nail down exactly what 'lock free' in this
context.

Bug: v8:8100
Change-Id: I0a6099c6cb95a5581f3e71d0267857b88b4a2f0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735592
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63099}
2019-08-06 13:03:47 +00:00
Tobias Tebbi
acf9170ff9 [torque] simplify AST around generics
Bug: v8:7793
Change-Id: I5f5461e4e3d31c6d3c2c1fba4ce48a4eb5db5d8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1725625
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63098}
2019-08-06 12:52:37 +00:00
Clemens Hammacher
1152445367 [wasm] Test concurrent code emission
This extends the jump table stress test. Currently, we generate
different thunks (on the main thread) and then concurrently update the
jump table to jump to one of these thunks.
With this CL, we also generate the thunks concurrently. So this also
tests whether there is proper synchronization between code generation
and executing it in another thread.

R=ahaas@chromium.org, mstarzinger@chromium.org

Bug: v8:9477
Change-Id: I3598329e37482ebd27a13acc752581c714226184
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735319
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63097}
2019-08-06 12:46:47 +00:00
Santiago Aboy Solanes
d9b26900b9 [cleanup] Specialize and clean up accesses
There were some accesses that could be specialized to Pointer
instead of Any.

Also updated the WriteBarrierKind to match. Any -> full barrier,
Pointer -> Pointer barrier, Signed -> no barrier.

There were some accesses that were not used, and therefore got deleted.

Bug: v8:9396
Change-Id: Ie249e6571080fa6e24d9022344775de679966144
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733070
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63096}
2019-08-06 12:22:39 +00:00
Andreas Haas
f97a68bf62 [wasm] Clean up wasm-feature-flags.h
This CL removes the SEPERATOR from the FOREACH_WASM_FEATURE_FLAG macro,
which was ugly, and fortunately also unnecessary.

R=jkummerow@chromium.org

Bug: v8:9396
Change-Id: I455589331f84a011a231d6897d03e8ab0b492b45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1738847
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63095}
2019-08-06 12:17:24 +00:00
Michael Achenbach
b19b90d698 [test] Skip slow tests
NOTRY=true

Bug: v8:7783
Change-Id: I90226a16744388149993380399f1c6ee577b7c11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1738861
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63094}
2019-08-06 12:16:20 +00:00
Michael Achenbach
2379d38d92 Bump shards on slow CQ builder
NOTRY=true
TBR=tmrts@chromium.org

Change-Id: Id7148a5579d99928116a416bbd149d9ed7135fc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1738858
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63093}
2019-08-06 11:59:00 +00:00
Sathya Gunasekaran
b319a99b16 [objects] Rename is_public bit on Symbol
The is_public name is misleading now that we have private
symbols. It's only used to know if the symbol is stored in the global
symbol registry.

This patch renames it to a more suitable name.

Change-Id: I78f31cb5438416d07b78a9038c3526c9dfb96c6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1738849
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63092}
2019-08-06 11:55:44 +00:00
Simon Zünd
db9e542662 Introduce parenthesis in BuildAsciiCharFlags
This CL fixes an upcoming clang compiler warning (-Wparentheses).

BuildAsciiCharFlags uses ternary operator '?' together with bitwise
or '|'. Bitwise or '|' binds stronger than '?', so BuildAsciiCharsFlags
is basically: return check1(c) ? E1
                  : (0 | check2(c)) ? E2
                       : (0 | check3(c)) ? E3
                           : 0;
This CL fixes this.

Change-Id: I794ef4aa19786e61b23d1f2b35eff486cf6d569a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1738850
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63091}
2019-08-06 11:54:39 +00:00
Darius Mercadier
bea2651b56 [heap] Sort map space freelist to reduce fragmentation
Sorting the pages by least free bytes should reduce fragmentation:
since map space is never compacted, it makes sense to first fill
pages that are the most full already rather than to start with the
most empty pages (which is what was more or less going on until this
CL).

Bug: v8:9329
Change-Id: I2157e3b4706c53da80220da5e4a26c00ee4c592f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735325
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@google.com>
Cr-Commit-Position: refs/heads/master@{#63090}
2019-08-06 10:41:39 +00:00
Clemens Hammacher
f665d89f03 Reland "[wasm] Add support to allocate in a specific code region"
This is a reland of a3218aa744.
Unmodified reland, thus TBR.

Original change's description:
> [wasm] Add support to allocate in a specific code region
>
> For multiple code spaces with multiple jump tables, we need to allocate
> the space for the jump tables within specific regions (the new code
> spaces) so they are within reachable distance.
> This CL adds support for that, and uses it for the first jump table.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:9477
> Change-Id: Ibdf05c9500c2dfdb2c5f5f920b4422339aaab810
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733069
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63074}

TBR=mstarzinger@chromium.org

Bug: v8:9477
Change-Id: Ic110705fa13edeb103c06ad579a61cba78b6890c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1738848
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63089}
2019-08-06 10:20:09 +00:00
Clemens Hammacher
e4a968a688 Reland "[wasm] Prepare for multiple jump tables"
This is a reland of 779bdef36e

Original change's description:
> [wasm] Prepare for multiple jump tables
> 
> This CL prepares {NativeModule} and {WasmCodeAllocator} for multiple
> code spaces with separate jump tables. {WasmCodeAllocator} calls back
> to the {NativeModule} for each code space it allocates, and
> {NativeModule} stores data (especially the jump table) for each code
> space.
> A jump table is currently only created for the first code space added,
> so nothing changes there yet.
> 
> R=mstarzinger@chromium.org
> 
> Bug: v8:9477
> Change-Id: I3ddeb8e251648b07ba8b7b4638abafe2364b47ff
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1730996
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63069}

Bug: v8:9477
Change-Id: I9e25d59029cb6ce4869cf53a868afc59bc20b72f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735324
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63088}
2019-08-06 09:06:19 +00:00
Dominik Inführ
e2f98ec22c Use list of invalidated objects for old-to-new refs
Instead of inserting "deletion" entries into the store buffer, keep
a list of invalidated objects to filter out invalid old-to-new slots.

The first CL https://crrev.com/c/1704109 got reverted because both the sweeper and the main task were modifying the invalidated slots data structure concurrently. This CL changes this, such that the sweeper only modifies the invalidated slots during the final atomic pause when the main thread is not running. The sweeper does not need to clean this data structure after the pause, since the "update pointers" phase already removed all invalidated slots.

Bug: v8:9454
Change-Id: Iffb5bf96de2c89eee1ee1231a3414a0f2a155cbc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733081
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63087}
2019-08-06 09:01:59 +00:00
Darius Mercadier
59cf4f8bfa [heap] Remove sorting of map space before sweeping
Sorting is done in order to make compaction more efficient: by
sweeping pages with the most free bytes first, we make it more likely
that when evacuating a page, already swept pages will have enough free
bytes to hold the objects to move (and therefore, we won't need to
wait for more pages to be swept in order to move those objects).
Since maps don't move, there is no need to sort the pages from
MAP_SPACE before sweeping them.

Bug: v8:9093
Bug: v8:9329
Change-Id: I63964364d3cd0b64faf8570e87b5f75de6443902
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1736746
Commit-Queue: Darius Mercadier <dmercadier@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63086}
2019-08-06 07:55:22 +00:00
Jakob Gruber
9b24f6ecc5 Move knowledge of frame stack height into the FrameStateDescriptor
When serializing frame states into translations (later used by
deopts), we pass certain values, depending on the frame kind, to be
serialized as the frame height.

This CL moves the calculation of this height value into the
FrameStateDescriptor. In a follow-up, we may want to simplify the way
these height values are passed and processed by deopts.

The motivation behind this is to simplify calculation of unoptimized
stack frame sizes during compilation.

Bug: v8:9534
Change-Id: I20d2b57a42cea0c238b9c887dba0280f6aad76de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1728609
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63085}
2019-08-06 07:38:12 +00:00
v8-ci-autoroll-builder
887b6f5d80 Update V8 DEPS.
Rolling v8/build: d57f70e..38ae7d2

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/93ee550..698405a

Rolling v8/third_party/depot_tools: 921f6a1..36756e4

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: Ic6b12a6c3bfbbd27895110a29de92788360eaf3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1737928
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63084}
2019-08-06 07:30:32 +00:00
Peter Marshall
5ab7510e93 [tracing] Fix TracingCpuProfiler test for Perfetto
Update the TracingCpuProfiler test to work properly with perfetto.

Roll perfetto to get fixes for bugs encountered with starting/stopping
tracing rapidly, which happens in the test for the tracing profiler.

Add a check that the DataSource::Register call was successful to flush
out any errors there (although they are fixed by the perfetto roll).

Emit a fake trace event when stopping tracing in order to avoid
losing the final trace event that the user provided. Remove the ad-hoc
fake final trace events that the cctests for perfetto added.

Add a test StartAndStopRepeated which flushes out the issues fixed by
the perfetto roll.

TBR=yangguo@chromium.org

Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
Bug: v8:8339
Change-Id: I042d7385486bf42c86f1631406974693868a477f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731006
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63083}
2019-08-05 15:54:07 +00:00
Mythri A
2999cea522 Reland "[ic] Don't transition to premonomorphic state"
This is a reland of 159df2488c

Original change's description:
> [ic] Don't transition to premonomorphic state
> 
> We used to use premonomorphic state to delay initializing the ICs.
> This optimization was to avoid the cost of setting up handlers if the
> code executed only once. With lazy feedback allocation we no longer
> need this.
> 
> This cl also renames LoadIC_Uninitialized to LoadIC_Nofeedback and
> StoreIC_Uninitialized to StoreIC_Nofeedback since we now miss to
> runtime in the uninitialized state and use the builtin when there
> is no feedback.
> 
> 
> Change-Id: I1633e61ea74664da51348e362c34c47a017a264a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1683525
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63020}

Change-Id: Ica7eb65649615c2f8410d5b815a98b55cb1cfc4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731000
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63082}
2019-08-05 15:51:47 +00:00
Ulan Degenbaev
8fdb23873b Revert ""Reland x4 [arraybuffer] Rearchitect backing store ownership""
This reverts commit 5611f70b3d.

Reason for revert: flaky tests: v8:9588, v8:9587

Original change's description:
> "Reland x4 [arraybuffer] Rearchitect backing store ownership"
> 
> This is a reland of bc33f5aeba
> 
> Contributed by titzer@chromium.org
> 
> Original change's description:
> > [arraybuffer] Rearchitect backing store ownership
> >
> > This CL completely rearchitects the ownership of array buffer backing stores,
> > consolidating ownership into a {BackingStore} C++ object that is tracked
> > throughout V8 using unique_ptr and shared_ptr where appropriate.
> >
> > Overall, lifetime management is simpler and more explicit. The numerous
> > ways that array buffers were initialized have been streamlined to one
> > Attach() method on JSArrayBuffer. The array buffer tracker in the
> > GC implementation now manages std::shared_ptr<BackingStore> pointers,
> > and the construction and destruction of the BackingStore object itself
> > handles the underlying page or embedder-allocated memory.
> >
> > The embedder API remains unchanged for now. We use the
> > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> > keep the backing store alive properly, even in the case of aliases
> > from live heap objects. Thus the embedder has a lower chance of making
> > a mistake. Long-term, we should move the embedder to a model where they
> > manage backing stores using shared_ptr to an opaque backing store object.
> 
> TBR=yangguo@chromium.org
> 
> BUG=v8:9380,v8:9221,chromium:986318
> 
> Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63041}

TBR=ulan@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,clemensh@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:9380, v8:9221, chromium:986318
Change-Id: Ic7381239f4e90d0c437b7e47a5ac6e8bce60f882
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1736747
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63081}
2019-08-05 15:33:47 +00:00
Milad Farazmand
9f7c3f0994 s390: [heap] Relocating the write barrier flag on s390
Port ae60ea7e7d

Original Commit Message:

    The mode without write barriers works only if incremental marking
    is disabled and the single generation mode is enabled.

R=wangrong089@gmail.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: If2eb047bed41b92a0366c1401d0acf069257b650
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733730
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#63080}
2019-08-05 14:42:05 +00:00
Tobias Tebbi
ec2ea85f41 [torque] remove support for implicit branching on macros with labels
Now that we can short-circuit control flow in the optimizing compiler,
there is no more need for BranchIf... macros in CSA/Torque.
Thus removing support for them in Torque and rewriting Torque macros to
use bool return values instead.

Bug: v8:7793
Change-Id: Ie4b7522aa5558be038fe821d8b5d02859d522ed1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1724211
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63079}
2019-08-05 14:13:54 +00:00
Simon Zünd
900f3a5d54 Change AccessorPair::GetComponent to require an explicit native_context
This CL changes the signature of AccessorPair::GetComponent to take
an additional parameter {native_context}. The current native_context
does not always match the native context of the holder, resulting in
JSFunctions that have the wrong native context for lazy instantiated
AccessorPairs.

Bug: chromium:989909, v8:6495
Change-Id: I45bfcb27ac367858dd6788736eba1a2e1302e802
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735311
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63078}
2019-08-05 12:53:49 +00:00
Peter Marshall
9d4a2ae117 [api] Advance deprecation of TypedArray::Neuter operations
Bug: chromium:913887
Change-Id: I3b3040acc919990fa39f54add989c5caf325864a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735316
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63077}
2019-08-05 12:32:38 +00:00
Leszek Swirski
eed9131a5b Revert "[wasm] Prepare for multiple jump tables"
This reverts commit 779bdef36e.

Reason for revert: Speculative revert for win breakage (https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8905967677942963904/+/steps/Check/0/logs/Fixed/0)

Original change's description:
> [wasm] Prepare for multiple jump tables
> 
> This CL prepares {NativeModule} and {WasmCodeAllocator} for multiple
> code spaces with separate jump tables. {WasmCodeAllocator} calls back
> to the {NativeModule} for each code space it allocates, and
> {NativeModule} stores data (especially the jump table) for each code
> space.
> A jump table is currently only created for the first code space added,
> so nothing changes there yet.
> 
> R=​mstarzinger@chromium.org
> 
> Bug: v8:9477
> Change-Id: I3ddeb8e251648b07ba8b7b4638abafe2364b47ff
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1730996
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63069}

TBR=mstarzinger@chromium.org,clemensh@chromium.org

Change-Id: I57af88872c1335d547f83e524c8f06938b5c817b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9477
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735320
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63076}
2019-08-05 12:19:43 +00:00
Leszek Swirski
ee0aeefacc Revert "[wasm] Add support to allocate in a specific code region"
This reverts commit a3218aa744.

Reason for revert: Needed for another revert (https://chromium-review.googlesource.com/c/v8/v8/+/1735320)

Original change's description:
> [wasm] Add support to allocate in a specific code region
> 
> For multiple code spaces with multiple jump tables, we need to allocate
> the space for the jump tables within specific regions (the new code
> spaces) so they are within reachable distance.
> This CL adds support for that, and uses it for the first jump table.
> 
> R=​mstarzinger@chromium.org
> 
> Bug: v8:9477
> Change-Id: Ibdf05c9500c2dfdb2c5f5f920b4422339aaab810
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733069
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63074}

TBR=mstarzinger@chromium.org,clemensh@chromium.org

Change-Id: I4b1d1e670d5b25fa40205754d9572b2b809c93ea
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9477
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735321
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63075}
2019-08-05 12:18:40 +00:00
Clemens Hammacher
a3218aa744 [wasm] Add support to allocate in a specific code region
For multiple code spaces with multiple jump tables, we need to allocate
the space for the jump tables within specific regions (the new code
spaces) so they are within reachable distance.
This CL adds support for that, and uses it for the first jump table.

R=mstarzinger@chromium.org

Bug: v8:9477
Change-Id: Ibdf05c9500c2dfdb2c5f5f920b4422339aaab810
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733069
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63074}
2019-08-05 12:01:28 +00:00
Georg Neis
ad73bbe937 Revert "[TurboFan] Brokerize remaining feedback vector slots"
This reverts commit 9499ec0d43.

Reason for revert: Breaks lots of stuff, e.g.
https://ci.chromium.org/p/v8/builders/ci/V8-Blink%20Linux%2064%20-%20future/9401

Original change's description:
> [TurboFan] Brokerize remaining feedback vector slots
> 
> This CL adds new ProcessedFeedback subclasses, corresponding to various IC
> types:
> 
> * ForIn
> * Comparison ops
> * Binary/Unary ops
> * InstanceOf
> * Calls
> 
> The feedback is gathered at serialization time and used in several places,
> namely:
> 
> * Bytecode graph building,
> * and its helper class JSTypeHintLowering (with its "early lowering")
> * Native context specialization
> * JSCallReducer
> 
> Design doc: https://docs.google.com/document/d/1JLG0VFV8xmsAIJexU19xzlbNyP51ONqfo_Gf_2DcPC8/edit?usp=sharing
> 
> Bug: v8:7790
> Change-Id: I53c3d7a17f844384f38c4ee0f0b082c114217a02
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1710663
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63028}

TBR=mvstanton@chromium.org,neis@chromium.org,mslekova@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7790
Change-Id: Id0c4d6651611fc3964010f7615d0ad0485169ebc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735315
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63073}
2019-08-05 11:53:58 +00:00
Michael Achenbach
cdfadf4a99 Reland "[test] Print hanging tests on linux on test-runner termination"
This is a reland of 3fc9663159

The private method on_event in timeout proc is now renamed to be truly
private.

Original change's description:
> [test] Print hanging tests on linux on test-runner termination
>
> This will print the list of processes still running before and after
> joining workers during termination. This will help debugging hanging
> tests during flake-bisect or with num-fuzzer, which both terminate
> on total timeout and currently still sometimes hang without printing
> processes.
>
> Bug: v8:8292
> Change-Id: I124b65fa35b8d7a6aa198fcf50f2c20df94dc51a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735312
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63065}

Bug: v8:8292
Change-Id: Ibad1172666d6f4d2c07884a54edfe9d6499b57fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735318
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63072}
2019-08-05 11:50:18 +00:00
Simon Zünd
8c3da74f18 Use correct native context when instantiating AccessorPairs
This CL changes the way AccessorPairs are collected for instantiation
when debug break trampolines are installed.
Instead of walking the heap and looking at AccessorPairs directly, we
look at all JSObjects and collect AccessorPairs via each objects
descriptor array. This way, we can associate the correct native
context with each collected AccessorPair.

The current native context is not always the correct context to instantiate
the getter and setter JSFunctions for an AccessorPair.

Bug: chromium:986063
Change-Id: I124a0802f4938b95f1ad75efc65eb05b66bcfc67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735310
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63071}
2019-08-05 11:25:48 +00:00
Joshua Litt
b6731abef0 [turbofan] Revert algorithm simplification in Math.hypot
When a fast path was added for Math.hypot, the algorithm was also
simplified. This simplification turns out to be incorrect in some rare
edge cases. This cl reverts back to the original algorithm and converts it to torque.

Original cl: https://chromium-review.googlesource.com/c/v8/v8/+/1684178

Bug: v8:9546
Change-Id: If4e21504732f46081a8de823f50f499917f1a20c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1725200
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63070}
2019-08-05 11:12:58 +00:00